gui: main: Enable exile.h for IPC preview generation

Albert S. 2022-05-29 09:23:37 +02:00
부모 472661bff6
커밋 e44fb1a942
1개의 변경된 파일26개의 추가작업 그리고 0개의 파일을 삭제


@ -32,6 +32,31 @@ void enableSandbox()
} }
exile_free_policy(policy); exile_free_policy(policy);
} }
void enableIpcSandbox(QString socketPath)
{
struct exile_policy *policy = exile_create_policy();
if(policy == NULL)
{
qCritical() << "Failed to init policy for sandbox";
exit(EXIT_FAILURE);
}
policy->namespace_options = EXILE_UNSHARE_NETWORK | EXILE_UNSHARE_USER;
policy->no_new_privs = 1;
policy->drop_caps = 1;
policy->vow_promises = exile_vows_from_str("thread cpath wpath rpath unix stdio prot_exec proc shm fsnotify ioctl");
exile_append_path_policies(policy, EXILE_FS_ALLOW_ALL_READ, "/");
exile_append_path_policies(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_ALL_WRITE, "/tmp");
int ret = exile_enable_policy(policy);
if(ret != 0)
{
qDebug() << "Failed to establish sandbox";
exit(EXIT_FAILURE);
}
exile_free_policy(policy);
}
int main(int argc, char *argv[]) int main(int argc, char *argv[])
{ {
QString socketPath = "/tmp/looqs-spawner"; QString socketPath = "/tmp/looqs-spawner";
@ -41,6 +66,7 @@ int main(int argc, char *argv[])
if(arg == "ipc") if(arg == "ipc")
{ {
Common::setupAppInfo(); Common::setupAppInfo();
enableIpcSandbox(socketPath);
QApplication a(argc, argv); QApplication a(argc, argv);
IpcServer *ipcserver = new IpcServer(); IpcServer *ipcserver = new IpcServer();
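Review bot: In `enableIpcSandbox` the `socketPath` parameter is never used, and the policy grants read on all of `/` plus read and write on all of `/tmp`, so the sandboxed preview process can still read every file the user can and write anywhere in the shared temp directory. Going by the commit title, this process generates previews from file content, so consider keeping the socket in a dedicated directory, granting write only there, and narrowing the read root as far as the preview code allows. The `exile_enable_policy` failure path logs with `qDebug()` while the policy-creation failure uses `qCritical()`; a build with debug output disabled would exit without any message, so `qCritical() << "Failed to establish sandbox";` is the safer choice. The result of `exile_vows_from_str` is also assigned unchecked; if it can return an error value for an unrecognised vow name, that should be caught before `exile_enable_policy` is called.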